Changeset 190694 in webkit for trunk/Source/JavaScriptCore/dfg/DFGJITCode.h

Timestamp:

Oct 7, 2015, 4:10:20 PM (10 years ago)

Author:

[email protected]

Message:

Unreviewed, rolling back in r190450
​https://bugs.webkit.org/show_bug.cgi?id=149727

This time for sure?

The cause of the leak was an invalidated compilation.

There was vestigial manual memory management code that eagerly removed
a CodeBlock from the set of CodeBlocks if compilation was invalidated.
That's not cool since we rely on the set of CodeBlocks when we run
destructors.

The fix is to remove the vestigial code.

I ran the leaks, correctness, and performance tests locally and did not
see any problems.

Restored changesets:

"CodeBlock should be a GC object"
​https://bugs.webkit.org/show_bug.cgi?id=149727
​http://trac.webkit.org/changeset/190450

File:

• trunk/Source/JavaScriptCore/dfg/DFGJITCode.h (modified) (3 diffs)

trunk/Source/JavaScriptCore/dfg/DFGJITCode.h

@@ -29 +29 @@
 #if ENABLE(DFG_JIT)
 
+#include "CodeBlock.h"
 #include "CompilationResult.h"
 #include "DFGCommonData.h"
@@ -115 +116 @@
     
     void shrinkToFit();
+
+#if ENABLE(FTL_JIT)
+    CodeBlock* osrEntryBlock() { return m_osrEntryBlock.get(); }
+    void setOSREntryBlock(VM& vm, const JSCell* owner, CodeBlock* osrEntryBlock) { m_osrEntryBlock.set(vm, owner, osrEntryBlock); }
+    void clearOSREntryBlock() { m_osrEntryBlock.clear(); }
+#endif
     
 private:
@@ -129 +136 @@
     uint8_t nestedTriggerIsSet { 0 };
     UpperTierExecutionCounter tierUpCounter;
-    RefPtr<CodeBlock> osrEntryBlock;
+    WriteBarrier<CodeBlock> m_osrEntryBlock;
     unsigned osrEntryRetry;
     bool abandonOSREntry;